
.png)

.png)

.png)

.png)
We are writing to inform you of a security incident that may have resulted in limited access to your personal information.
On November 5, 2024, we discovered that an unauthorized third party illegally accessed one of our email accounts and sent out phishing emails through that account. We immediately engaged a team of security experts, including legal counsel, to secure our systems and conduct a full investigation into the cause and scope of the incident.
The potentially impacted personal information varied by individual and may have included any of the following: full legal name, former/maiden name, date of birth, address, email address, phone number, property tax bill, rental equipment statements, copy of signature, marriage certificate, social insurance number, financial account number (including transit number), financial account type, line of credit information, bank account information, credit/debit card number, PIN or security code, mortgage information, pension information, pre-authorized payment form, tax bill, void cheque, wire instructions, passport information (including passport number), permanent resident card, and birth certificate.
We have no evidence that any of your information has been impacted, however we have elected to notify you out of an abundance of caution so that you may take whatever steps you deem necessary to protect yourself.
As soon as we learned of the incident, we immediately engaged a team of security experts to ensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials.
We have taken steps to prevent a similar event from occurring in the future, including implementing multi-factor authentication and conditional access policies. We also instituted antiphishing training and regular password changes for all employees.
We encourage you to be vigilant and mitigate any potential harm by taking the following steps to protect yourself:
It is possible that unauthorized individuals could attempt to use your information for the purposes of attempted identity fraud. This means that they could try to use that Information to impersonate you to obtain a benefit or service. Please remain vigilant for any potential signs of identity fraud such as suspicious activity on your bank accounts, unauthorized redirection of mail, unauthorized porting of your mobile phone, or receiving goods or services that you did not order.
It is possible that these unauthorized individuals may try to use the Information for other fraudulent purposes. A fraudster may contact you in an attempt to trick you into providing more personal information or access credentials, or to divert payments to or from you. To protect yourself against social engineering:
Sincerely,
Sharon Edoo, Director of Firm
Kormans LLP

Yes. We have secured the affected email account.

Yes. We are confident that our systems are secure and safe for use.

Please note that there is no evidence that your information has been accessed or misused. However, we always encourage you to be vigilant and mitigate any potential harm by taking steps to protect yourself. We suggest that you remain vigilant for signs of identity fraud and social engineering attempts


We do not have any information that your personal information has been targeted, copied or misused as a result of this incident.

No. Notification of this incident does not mean you are a victim of identity theft or fraud. We are providing notice of this incident out of an abundance of caution. As a precaution, we encourage you to review the information provided about steps you can take to protect your information against identity theft and fraud, should you determine it is appropriate to do so.

As soon as we learned of the incident, we immediately engaged a team of security experts toensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials.We have taken steps to prevent a similar event from occurring in the future, including implementing multi-factor authentication and conditional access policies. We instituted anti-phishing training and regular password changes for all employees.

Security and confidentiality are extremely important to us. Prior to notification, it was necessary to ensure that the incident had been contained and that there was no further risk of access. We also wanted to identify what information may have been accessed; and identify the individuals who may have been affected.
We wanted to wait until our investigation was complete to ensure that our information related to the breach is comprehensive and accurate. The investigation process took time as we wanted to be sure that no issues were overlooked.

There is no evidence that your personal information was affected. However, your personal information may have been included in the email inbox which may have been accessed during the incident. As a precaution, we recommend that you take appropriate steps to safeguard yourself from any potential misuse of your personal information.


As mentioned, we took immediate steps to contain and respond to the incident. This included retaining external security experts, taking systems offline, resetting all user accounts, andchanging all passwords and credentials.We launched a full investigation into the cause and scope of the incident with support from external cybersecurity experts. Our investigation has concluded and we have implemented further security measures to ensure that this doesn’t happen again.
We have taken steps to prevent a similar event from occurring in the future, including implementing multi-factor authentication and conditional access policies. We instituted anti- phishing training and regular password changes for all employees.